Threat actor has been targeting the aviation industry since at least 2018
Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection....
hacking
BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is...
Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed...
Expert discloses details and PoC code for Netgear Seventh Inferno bug
A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and...
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive...
Experts warn that Mirai Botnet starts exploiting OMIGOD flaw
The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a...
Ntlm_Theft – A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files
A tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an Open Source Python3 Tool that generates...
On-The-Fly – Tool Which Gives Capabilities To Perform Pentesting Tests In Several Domains (IoT, ICS & IT)
▒█████ ███▄ █ ▄▄▄█████▓ ██░ ██ ▓█████ █████ ██▓ ▓██ ██▓▒██▒ ██▒ ██ ▀█ █ ▓ ██▒ ▓▒▒▓██░ ██ ▓█...
German Election body hit by a cyber attack
A spokesman for the authority running Germany’s September 26 general election confirmed that hackers briefly disrupted its website last month....
New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems
A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers...
A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection
Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows...
FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warn of state-sponsored attacks that are actively exploiting CVE-2021-40539 Zoho...
Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug
Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft...
DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover?DNS...
CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)
Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)Creation of this Script is based on some reverse...
Plution – Prototype Pollution Scanner Using Headless Chrome
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via...
Kali Linux 2021.3 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates.A summary of the changes...
Bitdefender released free REvil ransomware decryptor that works for past victims
Researchers from Bitdefender released a free master decryptor for the REvil ransomware operation that allows past victims to recover their...
Anonymous hacked the controversial, far-right web host Epik
Anonymous claims to have hacked the controversial web hosting provider Epik, known for allowing far-right, neo-Nazi, and other extremist content....
OMIGOD vulnerabilities expose thousands of Azure users to hack
OMIGOD – Microsoft addressed four vulnerabilities in the Open Management Infrastructure (OMI) software agent that could expose Azure users to...
Microsoft announces passwordless authentication for consumer accounts
Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft will...
Vailyn – A Phased, Evasive Path Traversal + LFI Scanning & Exploitation Tool In Python
Vailyn's Crawler analyzing a damn vulnerable web application. LFI Wrappers are not enabled. GUI Demonstration (v2.2.1-5) Possible IssuesFound some false...
Rootend – A *Nix Enumerator And Auto Privilege Escalation Tool
rootend is a python *nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit...
Three formers NSA employees fined for providing hacker-for-hire services to UAE firm
Three former NSA employees entered into a deferred prosecution agreement that restricts their future activities and employment and requires the...
